snyk / kubernetes-monitor

Use Snyk to find and fix vulnerabilities in your Kubernetes workloads
https://docs.snyk.io/products/snyk-container/image-scanning-library/kubernetes-workload-and-image-scanning/kubernetes-integration-overview

[🙏] Make workload_events value in default policy file configurable #853

Open JorritSalverda opened 3 years ago

JorritSalverda commented 3 years ago

Describe the user need

I want kubernetes-monitor to auto-import and auto-delete my workloads. Unfortunately the workload_events value is hardcoded at https://github.com/snyk/kubernetes-monitor/blob/v1.66.2/snyk-monitor/templates/configmap.yaml#L34. A Helm value to set this - just like there is for policyOrgs - would be very helpful here.

ivanstanev commented 3 years ago

Hey @JorritSalverda

You can create your own ConfigMap with the custom rules that you need; then, when installing with Helm, you can point to your ConfigMap with --set workloadPoliciesMap=my-custom-rules

policyOrgs was exposed for quickly setting up using the default rules, but for more advanced cases we recommend using your own ConfigMap.

Let me know if that solves your needs!

JorritSalverda commented 3 years ago

@ivanstanev If you can provide an optional configmap in the configmap.yaml file, configured via the Helm chart values, that would work as well. Otherwise we have to create a configmap in advance, either manually or through an additional Helm chart.

Or perhaps set the default policy file at https://github.com/snyk/kubernetes-monitor/blob/staging/snyk-monitor/templates/configmap.yaml#L29 completely from the values.